CVE-2007-1455 - Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remo

CVE-2007-1455

Summary

Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files.

References

http://osvdb.org/35036
http://osvdb.org/35037
http://securityreason.com/securityalert/2420
http://www.securityfocus.com/archive/1/462562/100/0/threaded

Vulnerable Configurations

cpe:2.3:a:cpanel-host:fantastico_de_luxe:*:*:*:*:*:*:*:*
cpe:2.3:a:cpanel-host:fantastico_de_luxe:*:*:*:*:*:*:*:*

CVSS

Base:	9.0 (as of 16-10-2018 - 16:38)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:S/C:C/I:C/A:C

refmap via4

bugtraq	20070311 Fantastico In all Version Cpanel 10.x <= local File Include
osvdb	35036 35037
sreason	2420

Last major update

16-10-2018 - 16:38

Published

14-03-2007 - 18:19

Last modified

16-10-2018 - 16:38